07-30-2009 01:26 PM
I want to use the ControlledAccess class in a library so that code within my library can put stuff in the RuntimeStore securely.
As I understand it, I have to:
1) setup a BlackBerry Signing Authority Tool on my intranet
2) sign my library using our signing authority tool
3) Use code like:
// Get the code signing key associated with "ACME"
CodeSignKey codeSigningKey = CodeSigningKey.get( moduleHandle, "ACME" );
// Store myHashtable in the RuntimeStore but protect
// it with the "ACME" code signing key
RuntimeStore.put( MY_DATA_ID, new ControlledAccess( myHashtable, codeSigningKey ) );
I'm hoping that applications that use my library will not need to be signed by the signing authority tool on my intranet - is this correct?
I'm assuming once the cod file is signed, the BlackBerry isn't going to try to contact my signing authority tool to validate anything - is this correct?
How do I flag my cod file as requiring my signing auth (SignatureTool does not have an option to do this so I assume it is in the alx or some other file) using command line tools (not using IDE to build)?
07-30-2009 01:55 PM
I believe that your first assumption about applications not needing to be signed is correct but I've never tried it.
Your signing authority tool is only contacted during the signing process, never at runtime.
rapc has the options to set the requirement for signing. For example you should add the following option to your rapc command line...
"package:com.yourpackage=acme.key" then include the acme.key file as one of your source files.